AWS adds Identity Management

by Stephen Gillies

Amazon Web Services has added a new feature to the existing AWS Control Panel, AWS Identity and Access Management (IAM). Almost 9 months in development but offered for no extra cost, AWS Identity and Access Management (IAM) lets you manage users, groups of users, and access permissions for AWS services and resources.

According to an Amazon IAM product page: “Using IAM you can create users (representing a person, an organization, or an application, as desired) within an existing AWS Account. You can also group users to apply the same set of permissions. The groups can represent functional boundaries (development vs. test), organizational boundaries (main office vs. branch office), or job function (manager, tester, developer, or system administrator).”

Newly created users have no permissions. All permissions are controlled through policy documents containing policy statements that grant or deny access to AWS service actions or resources. This tight integration of identity and access management across AWS products means granular access to applications, file systems and databases can now better reflect complex corporate enterprise environments and multi-tenant environments.
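The following sketch is an added example, not code from AWS or from the article. It models how statements in policy documents combine for a user: no matching statement means no access, group policies are inherited, and an explicit Deny overrides any Allow. The account ID, group name, policies and function names are constructed for illustration, and the evaluator is a simplified model rather than the AWS implementation.

```python
from fnmatch import fnmatchcase

# Constructed sample data: account ID, group name and policies are illustrative.
GROUP_MEMBERS = {"app-admins": {"jeff"}}
GROUP_POLICIES = {"app-admins": [{"Statement": [
    {"Effect": "Allow", "Action": "iam:*",
     "Resource": "arn:aws:iam::123456789012:user/app/*"}]}]}
USER_POLICIES = {"jeff": [{"Statement": [
    {"Effect": "Deny", "Action": ["iam:DeleteUser"], "Resource": "*"}]}]}


def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, ignore_case=False):
    """True if any pattern matches; '*' stands for any run of characters."""
    if ignore_case:
        value = value.lower()
    return any(fnmatchcase(value, p.lower() if ignore_case else p)
               for p in _as_list(patterns))


def policies_for(user):
    """Policies attached to the user plus those inherited from groups."""
    docs = list(USER_POLICIES.get(user, []))
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            docs.extend(GROUP_POLICIES.get(group, []))
    return docs


def is_allowed(user, action, resource):
    """Explicit Deny wins, then any Allow, otherwise default deny."""
    allowed = False
    for doc in policies_for(user):
        for stmt in doc["Statement"]:
            if (_matches(stmt["Action"], action, ignore_case=True)
                    and _matches(stmt["Resource"], resource)):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


if __name__ == "__main__":
    app_user = "arn:aws:iam::123456789012:user/app/alice"
    for who, act in [("jeff", "iam:CreateUser"), ("jeff", "iam:DeleteUser"),
                     ("newuser", "iam:ListUsers")]:
        print(who, act, is_allowed(who, act, app_user))
```

Running the block shows the group grant taking effect for "jeff", the explicit Deny removing one action from that grant, and a freshly created user with no policies being refused.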

Examples on the AWS blog drill down to the command-line-driven environment. Once a user is created access permissions, group membership and application access.

“The iam-useraddpolicy command is used to add permissions to a user. The iam-groupaddpolicy command can be used to do the same for a group. Let's add a policy that gives me (user "jeff") permission to use the IAM APIs on users under the "/app" path. I might not be the only user in my account that should have this permission so I'll start by creating a group and granting the permissions to the group and then add "jeff" to the group.